An online synchronized content management system, such as Dropbox from Dropbox Inc. of San Francisco, Calif., allows its users to store and synchronize data on a cloud-based storage and across multiple client devices. Thus, for example, a user may upload a personal folder to the content management system, and then authorize multiple user devices to make duplicate copies of the folder on each of the devices. The instances of the folder can be kept synchronized across the devices. In other words, through the process of synchronization, the contents of the folder on multiple client devices can be kept identical. Even the slightest modification made by the user to one of the instances of the folder can automatically be replicated in other instances of the folder in a matter of seconds.
In order to protect the content synchronized in the content management system, the system creates separate user accounts for individual users of the system. Each user typically creates a unique username and assigns a password for her user account so that other unauthorized users could not access her content in the content management system. This means that the user, in general, must first provide the username and password to the content management system to login or sign into the user account before gaining access to the content. These security measures, however, can become a double-edged sword, in that, although the sign-in process may provide protection against unauthorized access, the requirement to enter the user credentials may pose inconvenience to the user.
Moreover, when a user accesses the content management system through two or more applications, platforms, or devices, the user may be required to provide the login credentials each time she uses a different application, platform, or device. For example, even after a user logs into her user account on a dedicated client application for the content management system, when the user opens up a web browser that runs on the same device to access the content management system through the web browser, she may be asked to replicate the sign-in process all over again by providing the same user credentials to the web browser. This may not only be inconvenient for the user, the added measure of security may be unnecessary because it can be reasonably assumed that the person who is requesting access through the web browser is the same user who has already provided the same information to the dedicated client application running on the same device.